Motion to Dismiss? The role of courts in shaping Internet policy/transcript

From IGF-USA Wiki
Jump to: navigation, search
  • Opening segment of this session is yet to be transcribed .

>> EMMA LLANSO: There's also free expression issues. In order to block an entire domain name, there may be both infringing and non infringing content. It serves as a prior restraint. It locks the infringing content, and anything else that might be posted in the future. So there's some issues here. And they will be un Constitutional. But if there's no opportunity in the proceeding case for that to play out, then the court doesn't you know, if there's no one who's part of the case who will make those arguments, then the court doesn't have a chance to really consider them.

And in the last sentence of the scenario, we hear a lot of U.S. infrastructure providers, led to the Chinese site complying with the spirit of the court order. They take the content down even though it had not violated the law in their country. And this is, unfortunately, a very good example of how courts can try to exert extraterritorial effect of their nation's laws outside of their jurisdiction, even without any power to compel action by websites who are outside.

You know, we love the internet for how interconnected it is. It has a lot of resilience against censorship. But the downside it, if you find leverage points, either technically or just, kind of, in practical effect of impeding substantial amounts of traffic to a site, you can still have a sort of coercive effect over websites that are out of your jurisdiction. Okay. A big question for me here in thinking about all of this is who is accountable for these effects, especially when it's this sort of court orders, infrastructure providers in one country to prevent access to a website in another country.

Where does the person legitimately trying to you know, maybe from a third country trying to access content on that foreign hosted site, who do they bring their fundamental rights claims to. And how do we get into at what phase of all of this discussion do we get courts to look at the fact that the effect of their order is chilling on a lot of rights that were maybe not part of the original discussion in the case.

And I also think it points to a trend that we are very concerned about seeing, that if a situation with, especially content being hosted online can't be resolved at the application layer, if it can't be resolved by the website hosting that content because they're not in your jurisdiction, or not cooperative, whatever it might be, the incentive to for either legislatures or courts to kind of push further down the stack and say if we can't get the website to take it down, we'll make the networks block it, make the domain system not resolve requests for that domain.

And that gets the censorship activity deeper into the network. And it's more pernicious than, kind of, putting that application layer, providers at risk of liability for the content.

>> ANDREW BRIDGES: Thank you. Stephen, on right to be forgotten, the scenario is that the European court of justice orders Google to suppress, on a global scale, search results that were de indexed pursuant to a claim under the right to be forgotten. One case involves a German currency trader requesting delisting of his earlier convictions for insider trading. Another, a politician who saw negative media coverage of an earlier corruption investigation. This immediately creates a clash between courts and norms in the EU and elsewhere. In the UK, now under the hypothetical, no longer part of the EU, norms in courts regard the right to know justice highly at the EU's right to be forgotten.

In the U.S., laws and courts upheld can be liable if they fail to use reasonable diligence to discover past criminal activity on people they hire. Take that away.

>> STEPHEN LaPORTE: Yeah. I wish a hypothetical was more hypothetical and less close to home. So, Wikimedia has been voicing concerns about this since 2014. It's been, you know, an ongoing debate about how the right is implemented in a way that effectively achieves its goals. And I think from Wikimedia's perspective, we see this as a fundamental issue of people's right to access information. We think a lot about free expression as the right to speak, but there is a corresponding right to receive information as well.

And that right to receive information, I think, is only increasingly more valuable as we move to an information age of, you know, a connected society online. People talk about the, you know, in the age of the internet, that speech is getting cheaper. It's easier to put information out there. But attention remains scarce. The ability to sort through lots of material is something you need technical tools, like a search engine, to be able to do.

And I think a lot of people who want to suppress information are recognizing that placing limits on speech can be difficult. And placing limits on attention by drowning out lots of material or going after the ways people receive information is a much more effective way to make information less available. So at its core, there is an attack on this right to receive information. But not to be just too one sided about the discussion, there is a corresponding right that individuals have in Europe to remove information about themselves.

And there's a balance between these two. And I think the hypothetical really spells that out very well. So I think it's useful to look at the specific examples that were brought up in the hypothetical. There is a German individual with a financial crime in their background. There is an Italian politician with some corruption in their background. And on these hypothetical cases, you can see why the individual might want that information off the public record.

But it's also equally important to consider why the people that are not those individuals want that information to be on the public record. When you're electing a politician you want to know what their past scandals are. When you're hiring someone, you want to know if they've been convicted of fraud. These are things the public has interest in. The setup of a global application of the right to be forgotten really imbalances that discussion, because you have a lot of the questions that were raised previously around the effects of the nonparties to the case.

And similarly, there's a number of really important underlying questions that may not even be asked in this proceeding. So I would like to know, is the speech itself legal? Are we allowed to say these things? I'm assuming it is legal and that's why they're going after removing it from Google rather than getting it taken down from the place where it's first being published. And then the second question I have is, how do those other interests get represented in the proceeding?

Where is the due process, not just for the individuals, but for the other people with rights that are being affected by this. And finally, if this is being applied globally, how is it being applied in a way that reflects the balance of laws. In Wikipedia's case, information without a proper citation will get taken down. That's something that Wikipedia handles on a minute by minute basis. If the right to be forgotten is implemented as it is today and will likely continue to be, there's a lack of transparency around the actual subject of the controversy.

So a notice is being sent to a search engine that says there's a corruption scandal in my background, please take me out of the search results. Now, if Google is feeling good hearted and particularly transparent, maybe they will tell the people searching for that individual something in the results is missing. Maybe they will tell the people who have that information in the first place that you have been removed from the search results. Let's just say hypothetically it's a Wikipedia article. They often do not tell that individual, the Wikipedia administrator, why the information was removed.

They just say, your article on this politician is now gone from the search results, which leaves us guessing on why this information was removed. So going back to the hypothetical, if we were to assume that individual had a good case to get information removed and they should justly have this information not on the public record, by going through a search engine, they are not enabling us to take that information down until they contact us. So this indirect way that doesn't consider the due process of all the parties involved, that applies it disproportionately, not only affects the individual who is want to get access to that information, but also interferes with the ability of the right to be forgotten to actually serve the people it's intended to protect.

And all of these are part of a really strong on going debate. I don't think that any of this is going to settle the right to access information is more important than someone's privacy. But ultimately, these are balancing acts that need to be done in consideration of the local context. So Wikipedia was written on a language by language basis. You search that Italian politician, you might find something than on German. Different communities might have chose on to describe that individual differently. We get the local nuance because the law applies locally, and applying it broadly loses out on that.

>> ANDREW BRIDGES: Thank you. You're doing GDPR, right? So, let's say that a European court confirms the monetary fines could be assessed against U.S. countries that serve even a small number of European residents, even when they are on American soil. That prompted most U.S. businesses to apply the GDPR regulatory restrictions to all their users in order to avoid ruinous fines. Also, ICANN's registries further restrict what they can reveal, despite a year long effort to generate a new policy for access to nonpublic data. Take it away.

>> ANUPAM CHANDER: So this is a great scenario. So the posits that the GDPR has gone global, that companies across the world, including the United States, are now govern themselves through it for fear of sanction. Many people won't share that, right? That would be kind of if you took a poll on Twitter, I think probably you'd get most people saying that's a great thing. And that yes, the GDPR is better law than the United States has.

I think there's some reason to be concerned about that. Now, I don't know about this room, but I think there's some reason to be concerned about that. And the concern is that if it were better law, then it should be really properly go through whatever processes we have in this country to enact it as law. And this is the complication in this area. Once we have one jurisdiction that, kind of, is able to, because of its large size, insist upon its way across the world, that means other jurisdictions will not have the ability to enact their own laws that might differ.

Now, this does mean this is complicated. That means that if there are different laws across the world, that means that some people would like the same law across the world for the internet. So the internet should be governed by the same rules across the world. That's unlikely for the immediate future, at least around questions of content moderation or privacy. I would like to see more, kind of, global agreements, multistakeholder processes, international treaties, etc., achieve these things.

But I think that's a little bit that's a process that we need to be working for. In other words, just to recap, I think that a lot of people would think that the application of the GDPR globally is a good thing. My preference would be, if you think that's the case, then instead of this, kind of, de facto GDPR being imposed on the world for fear of fines, it should be imposed through democratic processes in local jurisdictions. I think that would be a much more healthy, democratic process than relying upon Brussels to have our best interest at heart.

>> ANDREW BRIDGES: Thank you. So now we're going to turn to discussions about different policy approaches to the question, or problem of conflicting national court judgments. And we're going to start with Ali for five minutes on this topic.

>> ALI STERNBURG: Thank you. I'll use the mic now. Sorry about that before. So, if folks weren't able to hear, there are two materials I want to talk about, one, our new update to our paper on modernizing liability rules to promote global digital trade, and the other were some comments we filed last year before the PTO on the draft on enforcing international judgments. So, first of all, our modernizing liability rules paper talks a little bit about the impact of certain types of court decisions on industry and on internet companies and their users.

And we heard a little bit about some of the types of cases and opinions. I know they were hypotheticals, but there are a lot is real and has a real impact. And so for example, there are a few different types of court judgments that can have this type of impact. Sometimes there are orders where a court will order global relief, not just in the country where the court is. And other times there will be attempts in a judgment in one country, and then exported through international enforcement.

And so some of the cases that we talk about in our paper, as case studies, include a Canadian case where the court there, there's an injunction against Google, who was a nonparty to the lawsuit. And so they weren't the defendant. They were a nonparty. And often when there is a nonparty, there's a lack of due process. They're not always given notice and an opportunity to be heard. So there's definitely a challenge in procedural law. But also, substantive law is also different in different countries.

The U.S. has certain defenses in our copyright and trademark law that might be more protective of free speech than in other countries. And there are other substantive law differences, differences in copyright terms, fair use in the U.S., there are certainly some tensions between different jurisdictions that can really have an impact if there's an attempt to try to enforce other country's laws in a country where it doesn't match up, and it's not as protective of free speech and innovative there.

So one policy change that could help that is to provide these important online intermediary protections. In the IP and non IP contexts around speech, such as the section 230 protections that we have in U.S. law. Other responses to this can be discouraging courts from enforcing these types of judgments against online intermediaries. And another thing about this is there have been some there has been research showing that it's not just, kind of, a hypothetical risk to innovation. There are two studies that were done a few years ago around the impact of copyright decisions on investment and cloud computing.

And one of them looked at the Cable Vision case, which dealt with the lawfulness of DVR recordings, basically, and time shifting. And after that decision, the research found an increase in investment in the U.S. cloud computing firms. And then the next year they did a study on decisions that took place in France and Germany that did not find this kind of activity lawful, and found a corresponding decrease in investment. So these decisions can really have an impact on industry, and on entering markets, leaving markets, expanding products.

And so there really is a serious impact that court decisions can have on U.S. industry in the EU and around the world.

>> ANDREW BRIDGES: Great. Thank you, Ali. Bertrand, can we hear from you on this? We're not hearing.

>> BERTRAND DE LA CHAPELLE: Sorry. So, this is a diverse topic. I want to share a few comments. The first thing, actually, the main problem is that transnational is the new normal now. What used to be exception is now all the interactions in technology. The second element is Suzanne mentioned something that is very important. It's not only a matter of educating in that regard, it's the question of the understanding of the technical architecture. And particularly one topic that is not raised enough, which is the importance of the neutrality of the technical layer, and particularly the use of IP. One of the programs we have is about the domain system, and whether it is appropriate or not to have a domain name taken down which has a global effect, because of an activity that might be illegal in one country, which, if stated like this, shouldn't be the case.

So fundamentally, the neutrality of the layer, there's something that is probably not sufficiently in the mind of the different actors. There's another word, the word balancing. Because we are very often moving and within internet and policy network, we tend to advocate for the user reconciling. Because in many cases, it is not about choosing one principle versus another in a sort of zero sum game. There are cases where it is possible to reconcile those. And there have been long discussions on the question of anonymity in another space, and how much protecting security and privacy at the same time as there have been some concerns of security at the same time.

So reconciliation between different objectives is a core element. And in most of the topics that we're talking about, the main objective is to reconcile three things. In no particular order between them. Reconciling the fact against abuses, because there are abuses and they need to be addressed. The protection and strengthening of human rights. And making sure that in doing so, we also enable a thriving digital economy. And in many cases, it is possible to accommodate those three things together. But it is important to keep in mind that this is not necessarily a true balance of one versus the other, but to reconcile them.

And in that regard, I want to highlight this notion of coexistence, and the notion of reconciling is something that is connected to the word that was mentioned. And actually, responsibility of a certain number of other actors is to go the traditional application of conflict of those rules, which basically says, either A or B, by rather to say there are situations where you can have the combination and the coexistence of law A and law B. If you have one in one particular country, with a country that has sufficient guarantee of freedom of expression and so on, but it is legal elsewhere, you can have modalities of filtering it through the platform, IP or other, in that particular country, while making it accessible still everywhere else.

And this actually combines the two types of laws. So there are technical solutions that have to be thought of when you reconcile those things. The other point I want to make was the comment that I found very interesting regarding the tension in Wikipedia and Wikimedia between decisions by the community and the different laws. And I think there is a discussion that has to take place maybe within the community of Wikipedia itself to contribute to the discussion of how much and under which conditions should national laws be respected fully when there is an issue of restriction of speech.

Should it be filtered, should the content be filtered in a particular country just because the law there says so, or are there additional criteria that would allow to maintain it online even if there was a dispute locally. Because there is a general agreement that the law is too restrictive in that particular case. And finally, one element that is very interesting, there were different comments regarding harmonization. And I think there is a general agreement that harmonization of privacy and etc. at the global level is neither capable nor probably desirable for many reasons that all of you have full understanding.

The key question, and the key concept that we are pushing with internet and jurisdiction is the notion of legal interoperability and the focus on due process mechanisms for anything that happens across borders. And so the element that is related directly to the question we have today on the role of court, what is interesting is that things are evolving so fast that everybody is now looking at one single court decision somewhere in the world to identify what is emerging as a global jurisprudence. Like we are trying to find what are the core elements to define those principles.

The mention has been made of a mistake, everybody's looking and waiting for the decision by the European court of justice on the right to be de indexed. There was a big attention to the Microsoft case in the context of access to data for criminal investigations. And you can cite a few of them. We are more and more looking at courts for setting norms. It is important that those courts are conscious of the ripple effects they are making.

And the companies themselves have an extremely strong role, voluntarily on involuntarily, to develop norms that actually have global implementation. And was mentioned regarding the GDPR is a perfect example. But I would like to highlight this is also the case for certain elements of speech. And as a note to make you smile, I want to read you what is in service, one company, that says that you should not upload, download, post, email, transmit, store, or otherwise make available content that is harmful, violent, obscene, vulgar, invasive, or offensive, or otherwise objectionable.

So we can have a long discussion on what is the application of the different laws. We now have to seriously and this is a responsibility that the companies are perfectly conscious that they have of distributing the responsibilities, what is in the terms of service, which would have global application, and national laws. Basically, what is at stake is what is the digital society that we want to bring together.

>> ANDREW BRIDGES: Thank you, Bertrand. I'm going to tell the panel that we have some very good news. I discovered a mathematical error in our agenda, which means we actually have some time on this section. I wanted to throw a couple things out and see if I can bait some hooks for people to take. Number one, how many of these issues are truly international issues versus accumulated or aggregated national issues? So, for example, the problem of people being subject to court judgments who are not present before the court seems to me to be pervasive everywhere.

Courts decide cases between litigants and there's no public interest attorney, often, appearing as counsel for the public defense to argue a public position. The idea is that's what legislatures are supposed to do in their enactments. How much are we going to blame courts for this when most courts are implementing what they perceive to be national law, often law from the legislators, from legislatures? And so are we blaming courts for the lack of legislative harmony? We like to talk about courts giving comity as a humility principle. I have yet to know of any legislature that adopts humility as its own precept.

And then, what do we do with the fact that really, there is only one layer of entity that truly has transnational, global jurisdiction? And those are global enterprises who set their rules, often at a global basis, reacting to different pressures and different influences in the various jurisdictions where they feel vulnerable because they've got boots on the ground or money in the bank account can be seized or thrown into jail. So if anybody wants to grab at any of those, I would be grateful.

>> ANUPAM CHANDER: I can speak on the humility point. So, the U.S. Supreme Court has for the last two decades reinvigorated a humility principle of U.S. prescriptive legislation, prescriptive jurisdiction, which is the presumption against extraterritoriality. That is, whenever a U.S. court looks at a law passed by the federal government, it says that law only applies within the United States, unless the law explicitly declares otherwise, okay? So in other words, Congress, whenever it acts, is confining itself to the United States, unless that statute explicitly says it's acting abroad, right?

So in some sense, then, Congress is being humble, in that narrow sense, which is hard to imagine, by failing to include this law applies outside the United States.

>> ANDREW BRIDGES: Anyone else?

>> BERTRAND DE LA CHAPELLE: Yeah, can I chime in, if it's possible, whenever it's time?

>> ANDREW BRIDGES: Yes, please, go ahead.

>> BERTRAND DE LA CHAPELLE: Yeah, I'm very glad that Anupam mentioned that, because that's a very important question. And I don't know if humility, but, many of you may know, Dan, the combination of interest when determining the jurisdiction of a court or the application of a judgment, or even the development of the law. And I would recommend, for those of you with the notion of committee and all those questions of extraterritoriality, a remarkable chapter in a book by the Superior Court Justice, the court and the world, where he has long paragraphs about this notion and the difficulty of measuring it.

The point I want to make is that this is at the core of the exercise of sovereignty in the digital age. We are accustomed to an architecture where basically, sovereignty is primarily and almost exclusively territorial. And international separation of sovereignty, and a principle cooperation. And we are confronted with situations where because of the transnational nature, most of the problems that we're dealing with, there is a need for legislators and courts to think about taking into account all the different impacts and all the different interests that are at stake.

And I want to finish by saying, extraterritorial was deemed inappropriate in the past. More and more, it is likely that it will become a tool. It is just that it has to be dealt with precaution and with caution so as not to create disproportion transborder impacts when enacting a law or making a court decision. So, extraterritoriality is not as objectionable. It will become be taken into account. It just has to be with caution.

>> ANDREW BRIDGES: Thank you. We have another half minute or so. Okay. Go ahead.

>> EMMA LLANSO: Very quickly, that was a great point, policies and, kind of, the standards that they articulate, that they do try and intend to have apply to their users, kind of, all around the world in an equivalent way. And that has led to a lot of folks, including most recently the U.N. repertoire arguing that probably the content hosts, you know, that we have on the internet today could look to international human rights law as they set up international, legitimate norms for speech and for handling issues of hate speech, defamation, and what have you.

Because they are operating at this international scale. And whatever you may think of it, international human rights law is kind of the most globally accepted, legitimate effort that we as humans have for deciding difficult content issues. So that's definitely part of the debate right now. I don't know if any of the big platforms have taken him up on that, but that's certainly part of the conversation.

>> ANDREW BRIDGES: Thank you. Stephen.

>> STEPHEN LaPORTE: I will give you an unsatisfactory response to the first question about the public interest representation of all of this. You know, I think fundamentally, at least from my perspective, it is an issue of, like, democratic principles. There are courts in France that are looking to apply French law in a way that is not something that I as an American citizen have a chance to vote on. And that means that the laws reflect not necessarily just the decision that's going on in the court, but the decision in the legislature that is not listening to the global impact that their decisions have.

So whether or not the court is the right place to be having that debate is a really good question, I think. And a question that will probably ask itself. But at the same time, it might be the first place we have to have that debate, because we do not have the international bodies to handle it otherwise.

>> ANDREW BRIDGES: Thank you. So now we'll move on to the next part, which is to discuss the relationship of the multistakeholder outputs to judicial decisions. And first we'll hear from Suzanne. I have a question for you briefly. Do you want me to set up the particular scenario here, or do you want it generally?

>> SUZANNE WOOLF: If you want to set up the scenario.

>> ANDREW BRIDGES: Great. So, this scenario posits that in 2023, renewed international terrorism and cross border cyber attacks leads to increased electronic surveillance by governments and law enforcement. Then a court ruling in India confirms that the government can outlaw the use of transport layer security, TLS, a norm developed by the multistakeholder community at internet engineering task force to allow client server communications in a way that prevents eavesdropping. This ruling results in curtailing internet traffic to and from south Asia.

In response, internet service providers abandon TLS for all of their global communications, raising fears about free expression and civil liberties.

>> SUZANNE WOOLF: Thank you. I had to think about this a little bit. A couple of thoughts come to mind in this scenario, about the views and responsibilities. It is, in fact, above my pay grade to resolve the kind of conflict being set up. I think I've been informed a little bit about what the right questions are and how we might proceed to better understanding. One of the technology pieces I had to pick a couple. And one is proactive, and another is maybe a little bit more reactive.

But, thinking about what I understood more widely about how the internet works, even though a lot of what courts have to do isn't related to technology as such. At the same time, we have structures in place for both the basic architecture of how the thing we call the internet works, and for the stakeholders in the technical infrastructure to evolve standards and norms where that's beneficial. We can evolve the technology just as the uses of it evolve. There are mechanisms for that.

And in some ways, that is the most important contribution that the technical community has made. The architecture we have has been developed over time by a variety of stakeholders, and we'll get better regulation and better law enforcement out of understanding some of the basic assumptions we've developed over that process. So, one principle I'd like to see the tech community more proactive about explaining is the notion of stacking network functionality.

Layers or stacking of network functionality is a set of assumptions about how to separate the functions that are necessary to build a network. Easy example, the Netflix app looks pretty much the same no matter where you are and what you're watching, what device you're using. A lot of the have to do a bunch of things to make that happen. One of the reasons why it works is that certain services, the ones that applications use, are developed and operated separately.

Attacking or limiting those basic services has a much bigger impact on the network than limiting a single app or type of device. There was a reference Emma made to collateral damage, and that's where it comes in. If you're messing with the infrastructure, not just content and applications. What we can do about that, perhaps as a community, we might be able to work towards establishing a norm based on the least necessary force, or the least necessary harm to connectivity, which means making it much easier for courts and other stakeholders to distinguish between infrastructure level technology and what we consider application level technology such as a specific app.

Blocking access to content is harmful, but blocking a specific app is better than blocking infrastructure used by that app and many others, such as DNS. So as practical guidance to courts, blocking TLS is more harmful to basic connectivity than blocking a specific application. And with the extent that the value of the internet is in connectivity for whatever people want to use it for, that's a pretty straightforward thing. As another example, the GDPR issues are basically not technical.

If you go back to the original Whois, the only way to deploy is with all of the information public all the time. Now the multistakeholder technical community has built technology that can support a wider variety of policies, including tiered or open access if that's what you want to do within your local policy and legal framework. This seems likely to resolve the situation.

When courts are willing to take a broader based strategy, there's a second principle that can come into play. And again, it's challenging beyond what we'll be able to do today to resolve the jurisdictional issues in any kind of general way, but it's important to remember that the internet is a network of networks. Separation of control is part of how it functions. The existence and usefulness of the internet depends on the voluntary cooperation of many participants through different networks who exchange traffic.

A given authority can compel or forbid interactions of a particular type within their own span of control. But the unintended consequence of over extending authority is talk to you. As a colleague of mine puts it, you can only build the internet with carrots. Sticks don't work. If constraints you want to put on people's ability to connect are too difficult, they simply won't and there's no central coordination point where such decisions can be made on their behalf by someone else.

So in this particular scenario stop using TLS enterprises within their own networks. People whose governments chose for them not to use it wouldn't have it, but there's no practical way to keep the rest of us from using it. Many social and economic structures also work this way, and many technologists and folks who look at technology think we're inventing classes of new problems. Mostly, we're not. Many other structures also work this way. One thing we know is that forcing centralization or uniformity on them often works out badly.

So it's better to keep a light touch for that reason, also. Finally, I do want to say there's always a tussle going on among these factors, and always a struggle to synthesize. Technology can't resolve any more that any other structure can. When it comes to the process, tech is only one subset of the stakeholders. A primary goal of technology is to preserve and extend the ability to have a conversation. And for that reason alone, we need multistakeholder mechanisms to make sure the technology is flexible enough to accommodate the full end of the conversation, even though we are not always going to like what other people do with their networks.

>> ANDREW BRIDGES: Thank you. So now we have an opportunity for some general panel discussion on the relationship between multistakeholder processes and outputs and judicial decisions. I guess one thing I would like to do to kick it off is to sort of take an inventory of what the multistakeholder processes have been so far. I mean, IETF has had a multistakeholder process. And I think generating internet standards. ICANN has had a multistakeholder process in generating rules for names and numbering and the like.

What other and IGF itself is a multistakeholder process that leads to outputs that are not normative the way IETF and ICANN have been. What other multistakeholder activities are really happening? And then what opportunities or rationalize are there for further multistakeholder processes to assist in this field? Anyone?

>> Buehler?

>> ANUPAM CHANDER: So I think the absence of response here indicates that multistakeholderism is super difficult, right? And the typical way that we have, kind of, international or transnational norms is through government. And so it's not multistakeholder, but state to state agreements. So, trade agreements. We work on international trade, which is very much non multistakeholder. And other kinds of norms that are set through international agreements. We talk about the Budapest convention, the aid convention, those are the ways that typically, international issues have been resolved.

Multistakeholderism is a much more difficult process. The Berkman Center has done an incredible job, colleagues have done a really nice job of collecting up various examples of multistakeholderism across the world, but it hasn't produced the kind of normative impact that ICANN has yet.

>> ANDREW BRIDGES: Bertrand, I think you have a multistakeholder process going on in the Internet and Jurisdiction Project. Let me ask you what hopes you might see for effects of your project upon courts, and other things you may want to comment on.

>> BERTRAND DE LA CHAPELLE: Well, actually, I was about to raise my hand. Thanks, Andrew. One thing that I want to maybe the distinction I was making at the very beginning between governance of the internet and governance on the internet. The multistakeholder approach has worked really well on everything that is related to the governance of the internet the technical standards, IP addresses, domain names, DNS in general. I think whatever people may think of ICANN, for better or worse, this whole set and ecosystem of governance and multistakeholder governance mechanism has basically allowed this infrastructure to grow to the users it has today with honestly an enormous amount of people around the world who have absolutely no idea of how it works.

And it's a testimony to the quality. However, on the other side, regarding the governance on the internet, and the usage, which is the second part, in the information society, the system was qualified by as being i.e., completely embryonic. We have the IGF, but it doesn't produce recommendations. It is a great watering hole for people to explain what they are doing. But the key question international organizations to involve more actors, but they remain fundamentally intergovernmental organizations.

And the effort that we're trying that we're doing is to bring together the different stakeholders on equal footing around very concrete issues like the ones I mentioned before, access to digital evidence, content restrictions, and suspension of domain names, in order to develop what we have labeled as policy standards, my analogy with the technical standards. The goal is to identify areas where there is a modicum of convergence, a possibility of what we can label mutual informational commitments where the different actors, the states, the internet platforms, the civil society actors, the IGOs and others have the possibility to say if, for instance, requests for taking down of content or access to data are formatted in a certain way according to a certain due process standard, then the companies will be responding in the following manner, and the monitoring will be made by civil society entities or newly created agencies.

So the result of the process we're facilitating remains voluntary in the end, but the goal is that if it improves the solution, or if it provides a solution that improves the situation, then the different actors will, in a coordinated manner, implement them. This has been going on for a few years. And we are in the course of launching we just launched things that are dealing with this. Some of the people there are fully aware and participating in this exercise. And we will keep people informed of how the discussions go. And we have the third global conference of the work in Berlin on the 3rd and 5th of June 2019 in partnership with the government of Germany. And we hope to see them produce proposals on very concrete issues by then. On the impact of courts, it's more about contributing to the awareness and the education, I think.

>> ANDREW BRIDGES: Thank you, Bertrand. We're going to have Ali then Suzanne. We take ten minutes, we'll have a few minutes for questions from the audience.

>> EMMA LLANSO: I'll try to be brief. But I wanted to kind of echo what Anupam was saying about the independent multistakeholder structures. There's not a giant list of those. But there is a lot of work to involve multistakeholder perspectives in some of the more traditional, kind of, government bilateral or multilateral decision making bodies, whether that's governments making sure that their delegations to the ITU are open to a variety of stakeholders from their country. In the U.S. we have multistakeholder processes to try to talk through difficult issues.

Doing those and rule making in our different administrative agencies is a key way that the U.S. has used to get input from lots of stakeholders. I think it's important for us to keep that in mind as part of the multistakeholder model, that as we're in this, kind of, transitional, maybe, phase from government led to truly multistakeholder from the ground up bodies, there's still plenty of opportunity for bringing in the expertise of the variety of stakeholders out there, including in courts.

And so, you know, I think one of CDT's big priorities since its very beginning has been bringing technical perspective into court cases through briefs or interventions globally. And that's been really key as Suzanne was talking about. There's a lot about as you were talking about the principle of least necessary harm, sounds like least restrictive means analysis in First Amendment law, or proportionality analysis globally. There's ways that courts think about the effect of their decisions that are incredibly informed by understanding the technical realities and underpinnings of the systems they're adjudicating. So I'll echo Suzanne's call for more involvement of folks with technical background and expertise in roles and interveners in cases. That is the easiest and most direct way to inform courts about these issues.

>> ANDREW BRIDGES: Thank you. Ali.

>> ALI STERNBURG: I feel like we can't talk about multistakeholder without shouting out NCIA. They just took comments on international internet policy priorities. There was a section on jurisdictional challenges of extraterritorial applications of law. I'm sure a lot of groups participated in that. There are definitely these processes as Emma described. And I didn't get a chance to respond to Andrew's first question. I wanted to say that there are a variety of impacts on companies of different types of court decisions, and types of law.

The example I was going to mention before we moved on is that it really impacts companies of all types of sizes and all types of resources. And for example, a few years ago, Spain and a few other European countries have been passing laws on copyright and taxes. And after that law passed, Google News shut down in Spain. So these could have impacts both of court decisions and other types of policy makers from legislatures really can have impact on firms operating globally. Back to multistakeholder.

>> ANDREW BRIDGES: Thank you. Suzanne.

>> SUZANNE WOOLF: Just sort of a quick comment on the role of standards in all of this, there's what the IGF does is voluntary standards within the framework of how standards bodies work. And there's something that's so common, it's a joke that we have to keep telling each other. I cochaired the working group of the ITF that publishes documents on DNS, protocol extensions. And we have to remind ourselves on a regular bases that there are no protocol police. What we're doing is voluntary and it's a classic multistakeholder process in the sense that what we need is to in order for something to be part of the standard, we end up having to make sure that interests and incentives are aligned to the level of consensus across the set of people that have to buy in and say yes, I will do this, I will implement this to my network. That's a good example as part of the picture of what makes multistakeholder, and why it takes years.


>> ANDREW BRIDGES: So I would like to open up for questions from the audience. I'd prefer questions, please, to comments. If we run out of questions, we can move to comments. But I see a question over there.

>> AUDIENCE: If I could offer a Back to the Future question, it is that about 20 years ago, a group of

>> ANDREW BRIDGES: Can you introduce myself?

>> AUDIENCE: Roger, I work with private equity in the technology sector and have been involved in internet law and policy issues for a long time. And about 20 years ago, a group of companies who were at that time the giants of the internet industry came together to address exactly the same issue. And in a series of international conferences that took place in Montreal and Washington, and San Francisco, and Tokyo, addressed almost the same subject repeatedly.

Now, to set your way back machine, in 1998, the internet giants were NETCOM, NetSol, Slumber, British Telecom, Fujitsu, and Jeff Bezos had just quit his job to form a new company. Sergei and Larry were grad students. And Mark Zuckerberg just graduated from junior high school. It was a different world. But the issues were not vastly different. And over a period of several years, most of us involved in the exercise understood that at some point in the future the internet would have 500 million people using it, and that countries as opposed to the internet as France would have large numbers of people involved in the internet.

So we understood that the issue was looming in the future. And over a period of years came to the consensus there were probably three outcomes that would take place. And I'd like the panel to react as to which of the three, if any, are the ones that took place. There was the utopian view that at some point, there would be 20 or more countries using the internet and they would form a treaty. And the treaty would set the rules for international cooperation much as had been the case with piracy on the high seas and outer space, and postal and telegraph and other things.

There was the dystopian view, which is that nothing is going to happen. There will be mass cross border crime, mass we didn't use the words terrorism, but, you know, bad activity taking place. And the bad guys would always be two steps ahead of the good guys because there was no way to find them or do anything about them. And then there was a pragmatic view which was, this is all going to work out through a series of arbitration where companies will British will establish a consortium with others and they'll do arbitration among them to resolve jurisdictional disputes. And I'm not sure any of those scenarios worked out. If you could go back to 1998 and tell the people involved in that effort what was the future going to provide, what would you tell them?

>> ANDREW BRIDGES: Any thoughts here from the panel? I'll just throw out one strawman answer, which is that a variant of the utopian view existed until about six years ago. But it wasn't a treaty. It was American pervasive dominance of the internet without the need for a treaty, because we have been speaking in terms of harmonization, but most Americans are saying, yes, we must harmonize, our way of doing things. (Chuckling) And that doesn't hold any longer.

And particularly in the last four years, that has completely fallen apart. And I guess I don't know if others agree with me. But the question, what is about to replace that? Any thoughts?

>> ANUPAM CHANDER: So another thing I might add to the 1998 vision was the idea that cyberspace was a place. It was like outer space. And so we could think of this as a regulation of outer space. It turns out cyberspace is inside us. It's everywhere. It is us. It's the way we live. It's everything. And so to regulate cyberspace is to regulate ourselves, our bodies, our relationships, our interactions, how we got here, how we go home, how we eat, how we date, and having. So in other words, you can't come up with a body of 20 states that rates rules for cyberspace because that's creating rules for everything that we do.

>> ANDREW BRIDGES: That's great. Emma?

>> EMMA LLANSO: And I think we're clearly past the point where there's only 20 countries online, right? And so that immediately makes the concept of doing a global treaty today a much more fraught question, because it would, you know, appropriately for a global treaty on any issue today, need to involve all of the countries of the world. And that's a much bigger divergence of opinion about the right way to approach things than we might have imagined in '98 looking at say, U.S. and western Europe countries being the likely early adopters who have more of a common set of interests and approach to human rights issues.

But there have also been, you know, I think short of reaching an international treaty, there has been a lot of effort to coordinate on issues like cybercrime. And one of the big questions is, you know, cross border access to data held by a company headquartered in the U.S. with servers around the world. Under what conditions does a German official investigating a crime between Germans in Germany, are they able to compel a U.S. based service provider to hand over information. So the thing that keeps us from a full dystopian view is international law enforcement and intelligence has had incentives to coordinate.

>> ANDREW BRIDGES: That was such a good question. We're going to close by doing one minute from each speaker. We'll go from my right.

>> STEPHEN LaPORTE: I would like to tell them it's a utopia. I'm an internet true believer. There are lots of utopian corners of the internet. But you can boil this down to unplanned internet or a planned internet, one that is pragmatic or one that is driven ad hoc by court decisions, anecdotes, news headlines, and regulation. And I think we've ended up with that less planned, the less pragmatic internet. If I had a time machine, I would tell people this is going to be driven by anecdotes, be very careful which anecdotes you tell.

>> SUZANNE WOOLF: I think an answer to the question would be all of them. There's no among there's 20 countries that are probably more important in terms of their economic and social on the internet than the rest. And the rest want their part, too. And that's perfectly appropriate and understandable. But it does remind me a little bit. There's a quote, statements the future is already here, it's just not evenly distributed. And I would add that it never will be. And the anecdotes are a big part of what happens. But also we manage to solve or at least improve the situation around some of those problems we were worried about in 1998. And we'll continue to screw it up in some ways, and continue to get it right in others.

>> ANDREW BRIDGES: Thank you. Ali.

>> ALI STERNBURG: And I would respond to two other parts of the question. One was just a list of companies mentioned, showing how much industry and changes even just over two decades. Some of it might be because of different changes in law, policy is, court decisions. Some of it is just changes in the industry and in the markets. But I think that's a relevant consideration to making policy. It's not just always about the stakeholders that are there right now. You have to think about the future and the past.

And the second would be that in the late another thing that was happening around that time is the two really important U.S. intermediary protections were passed in the late '90s, section 230, DMCA, those are things that are still around and still remain really, really important to industry and to the folks that want to speak online, so.

>> ANDREW BRIDGES: Last but not least, Bertrand, please give us some final parting words of wisdom.

>> BERTRAND DE LA CHAPELLE: I was muted, so I didn't remind you that I was there. But thanks for thinking of me. Just one word regarding the question that was asked. There is a need for innovation in governance mechanisms. We are not, and we shouldn't be caught between a binary choice between full re territorialization of the internet, and the utopian, completely self organized off the ground type of cyberspace. What is at stake, I think, and I do not commit policy network. But I would make an analogy with the internet and the web.

The internet was built by connecting heterogenous networks through a simple protocol. The way the nation system protocol. What we have today is a heterogenous government, court, companies, civil society groups, every kind of subgroup that can be run, that is a norm setting entity. And what is at stake is how do we make this set of heterogenous elements, groups, and frameworks work in an interoperative manner and making sure they can coexist. This is a big challenge and it requires that people have an open mind on what are the normative things that can be done on an issue by issue basis. Not overarching for the whole of the internet, but getting stakeholders around the table and making them work on that.

>> ANDREW BRIDGES: Thank you, Bertrand. And I'll ask the audience, please, to join me in thanking this panel of remarkable thinkers and speakers. Thank you.


>> ANDREW BRIDGES: And now there is caffeine and probably sugar to power you through the remainder of the day. Thank you.

This text, document, or file is based on live transcription.  Communication Access Realtime Translation (CART), captioning, and/or live transcription are provided in order to facilitate communication accessibility and may not be a totally verbatim record of the proceedings.